Google Takes Wi-Fi Snooping Scandal to the Supreme Court

The biggest U.S. internet wiretapping program outside the NSA may be headed to the Supreme Court.

Google is asking the high court to rule on the legality of the company’s past sniffing of unencrypted Wi-Fi traffic in neighborhoods around the country as part of its Street View program. An appeals court last September found that the sniffing may have violated the Wiretap Act.

The company’s fleet of photo-snapping cars is equipped with Wi-Fi hardware to record the names and MAC addresses of nearby routers to improve Google geolocation services. From 2008-2010, those vehicles were also capturing tiny snippets of internet traffic from countless thousands of routers that weren’t employing encryption, turning every Street View vehicle into a rolling spy machine.

Subsequent investigation found that the electronic eavesdropping was part of an engineer’s 20-percent-time project; the engineer had urged the company’s legal team to weigh in before deploying the code to the Street View fleet, but the request slipped through the cracks. When the sniffing eventually surfaced, Google apologized, stopped doing it and offered to destroy the data, which it had never used.

But the company has vigorously defended the legality of the sniffing, arguing that capturing unencrypted Wi-Fi is not wiretapping.

The Justice Department and the FCC have cleared Google of direct wrongdoing, but the U.S. 9th Circuit Court of Appeals last September ruled against the company in a dozen merged class action lawsuits stemming from the scandal. The company today asked the Supreme Court to overrule that decision and end the lawsuits.

The Wiretap Act generally outlaws the surreptitious interception of electronic communications, but has an exception for “electronic communication [that] is readily accessible to the general public.” Google’s argument is that plaintext Wi-Fi sniffing is the legal equivalent of listening to a Taxi dispatcher on a Radio Shack scanner.

If the Supreme Court hears the case and eventually rules that unencrypted Wi-Fi sniffing is legal, that might be seen as a boon to criminals who eavesdrop on public access points to sniff out passwords or credit card numbers. But Google ingeniously argues that the 9th Circuit’s ruling is actually bad for computer security, because it could bar legitimate security scanning.

“IT professionals routinely use the same kind of technology as Google’s Street View cars did to collect packet data in order to secure company networks,” the company writes. “And unlike Google, which never used the payload data it collected, security professionals also parse and analyze the data collected from wired and wireless networks, including networks operated by other persons or entities, to identify vulnerabilities in and potential attacks on the networks they protect.”

Here’s The Thing With Ad Blockers

We get it: Ads aren’t what you’re here for. But ads help us keep the lights on. So, add us to your ad blocker’s whitelist or pay $1 per week for an ad-free version of WIRED. Either way, you are supporting our journalism. We’d really appreciate it.